ISMS PolicyISMS Policy
- ISMS Policy
SHIFT ASIA provides high-quality software development, software testing and quality assurance services to clients worldwide. As a company with social responsibility, we recognize that it is critical for our sustainable business growth to implement the Information Security Management System (ISMS) that is designed to ensure adequate and appropriate security controls that maintain Confidentiality, Integrity and Availability of information assets. To address it, we have established the ISMS Policy that includes our basic policy on information security and are committed to making company-wide efforts to avoid any information security risks that may impact our business.
The ISMS is designed to ensure adequate and appropriate security controls customized to the needs of SHIFT ASIA. This policy specifies the requirements for establishing, implementing, monitoring, reviewing, maintaining, and improving documented ISMS within the context of the overall Business requirements.
The Scope of the ISMS covers all SHIFT ASIA business activities and applies to all assets for the entire SHIFT ASIA, which includes all active SHIFT ASIA offices below:
• Ho Chi Minh Office: 130 Suong Nguyet Anh Street, Ben Thanh Ward, District 1, Ho Chi
• Ha Noi Office: Room N04, 4th Floor, Viet Tower Building, No. 01 Thai Ha Street, Trung Liet Ward, Dong Da District, Ha Noi City.
3. Information Security Initiatives
3.1 ISO/IEC 27001:2013 Certification
SHIFT ASIA is committed to protecting its business from any information security risks under any circumstances. As part of this effort, we acquired ISO/IEC 27001:2013 certification for ISMS in September 2021. Having obtained this certification, we will endeavor to further enhance our information security measures, maintain or augment our information security management, and earn additional trust from our customers.
- Organization registered
- SHIFT ASIA CO., LTD.
- Scope of registration
- Software development and Software testing
- Applicable standard
- ISO/IEC 27001:2013
- Certification registration number
- 01 153 2135614
- Date of registration
- September 28, 2021
- Intertec Certification Japan Limited
- TÜV Rheinland Cert GmbH
3.2 Risk analysis and risk assessment
We identify and manage the information assets and analyze them in terms of threats and vulnerabilities. The risk to them will be evaluated based on asset value, threat and vulnerabilities. If risk value is high, adequate controls shall be implemented.
3.3 Enhancement of information security
We shall build and implement ISMS that is designed to ensure adequate and appropriate security controls that maintain Confidentiality, Integrity and Availability of information assets to prevent leakage, destruction, and illegal use of all information related to the customers, vendors, management etc. We also provide all staff with proper education and training to maintain and improve the effectiveness of the ISMS.
3.4 Business Continuity Management
We shall establish a contingency plan to secure business continuity, assuming occurrences of a loss of key premises caused by fire or lock down due to Corona virus pandemic, network related issue or a large-scale infection disease etc.
3.5 Evaluation and review of information security measures
We shall review the management and effectiveness of the ISMS on a regular basis for further improvement, while making efforts to identify any incidents.
September 28, 2021
SHIFT ASIA CO., LTD.
CEO Ryusuke Ito
Stay in touch with Us